user - add password expiration parameters (#69531)

* Add integration test Co-authored-by: Sam Doran <sdoran@redhat.com>
author: pushkarkumar15 <61772513+pushkarkumar15@users.noreply.github.com> 2021-02-10 03:11:15 +0530
committer: GitHub <noreply@github.com> 2021-02-09 16:41:15 -0500
commit: 4344607d7d105e264a0edce19f63041158ae9cc7 (patch)
tree: 54dece487278bd43868a190b0a1f36bed6ebb907 /lib/ansible/modules/user.py
parent: bf10bb370ba1c813f7d8d9eea73c3b50b1c19c19 (diff)
download: ansible-4344607d7d105e264a0edce19f63041158ae9cc7.tar.gz
1 files changed, 71 insertions, 0 deletions
diff --git a/lib/ansible/modules/user.py b/lib/ansible/modules/user.py
index 4abc74dc58..5e43d05191 100644
--- a/lib/ansible/modules/user.py
+++ b/lib/ansible/modules/user.py
@@ -238,6 +238,19 @@ options:
             - Currently supported on Illumos/Solaris.
         type: str
         version_added: "2.8"
+    password_expire_max:
+        description:
+            - Maximum number of days between password change.
+            - Supported on Linux only.
+        type: int
+        version_added: "2.11"
+    password_expire_min:
+        description:
+            - Minimum number of days between password change.
+            - Supported on Linux only.
+        type: int
+        version_added: "2.11"
+
 notes:
   - There are specific requirements per platform on user management utilities. However
     they generally come pre-installed with the system and Ansible will require they
@@ -299,6 +312,16 @@ EXAMPLES = r'''
   ansible.builtin.user:
     name: james18
     expires: -1
+
+- name: Set maximum expiration date for password
+  user:
+    name: ram19
+    password_expire_max: 10
+
+- name: Set minimum expiration date for password
+  user:
+    name: pushkar15
+    password_expire_min: 5
 '''
 
 RETURN = r'''
@@ -400,6 +423,16 @@ uid:
   returned: When I(uid) is passed to the module
   type: int
   sample: 1044
+password_expire_max:
+  description: Maximum number of days during which a password is valid.
+  returned: When user exists
+  type: int
+  sample: 20
+password_expire_min:
+  description: Minimum number of days between password change
+  returned: When user exists
+  type: int
+  sample: 20
 '''
 
 
@@ -494,6 +527,8 @@ class User(object):
         self.profile = module.params['profile']
         self.authorization = module.params['authorization']
         self.role = module.params['role']
+        self.password_expire_max = module.params['password_expire_max']
+        self.password_expire_min = module.params['password_expire_min']
 
         if module.params['groups'] is not None:
             self.groups = ','.join(module.params['groups'])
@@ -989,6 +1024,30 @@ class User(object):
             info[1] = self.user_password()[0]
         return info
 
+    def set_password_expire_max(self):
+        command_name = 'chage'
+        cmd = [self.module.get_bin_path(command_name, True)]
+        cmd.append('-M')
+        cmd.append(self.password_expire_max)
+        cmd.append(self.name)
+        if self.password_expire_max == spwd.getspnam(self.name).sp_max:
+            self.module.exit_json(changed=False)
+        else:
+            self.execute_command(cmd)
+            self.module.exit_json(changed=True)
+
+    def set_password_expire_min(self):
+        command_name = 'chage'
+        cmd = [self.module.get_bin_path(command_name, True)]
+        cmd.append('-m')
+        cmd.append(self.password_expire_min)
+        cmd.append(self.name)
+        if self.password_expire_min == spwd.getspnam(self.name).sp_min:
+            self.module.exit_json(changed=False)
+        else:
+            self.execute_command(cmd)
+            self.module.exit_json(changed=True)
+
     def user_password(self):
         passwd = ''
         expires = ''
@@ -2957,6 +3016,8 @@ def main():
             shell=dict(type='str'),
             password=dict(type='str', no_log=True),
             login_class=dict(type='str'),
+            password_expire_max=dict(type='int', no_log=False),
+            password_expire_min=dict(type='int', no_log=False),
             # following options are specific to macOS
             hidden=dict(type='bool'),
             # following options are specific to selinux
@@ -3096,6 +3157,16 @@ def main():
             result['ssh_key_file'] = user.get_ssh_key_path()
             result['ssh_public_key'] = user.get_ssh_public_key()
 
+    # deal with password expire max
+    if user.password_expire_max:
+        if user.user_exists():
+            (rc, out, err) = user.set_password_expire_max()
+
+    # deal with password expire min
+    if user.password_expire_min:
+        if user.user_exists():
+            (rc, out, err) = user.set_password_expire_min()
+
     module.exit_json(**result)
author	pushkarkumar15 <61772513+pushkarkumar15@users.noreply.github.com>	2021-02-10 03:11:15 +0530
committer	GitHub <noreply@github.com>	2021-02-09 16:41:15 -0500
commit	4344607d7d105e264a0edce19f63041158ae9cc7 (patch)
tree	54dece487278bd43868a190b0a1f36bed6ebb907 /lib/ansible/modules/user.py
parent	bf10bb370ba1c813f7d8d9eea73c3b50b1c19c19 (diff)
download	ansible-4344607d7d105e264a0edce19f63041158ae9cc7.tar.gz